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(54) Method and apparatus for a secure multicast transmission 



(57) A method and apparatus for a secure multicast 
transmission is provided. A secure multicast transmis- 
sion reservation, received at a multicast session secu- 
rity platform, is sent from a serxJer of a secure multicast 
transmission and may include, for example, information 
about the secure multicast transmission and information 
about which multicast receivers are authorized to 
receive the secu'e multicast transmission. The multicast 
session security platform also receives a request for 
security information from a requesting multicast 
receiver. The multicast session security platform may 



include, for example, a multicast session security server 
capat)le of communicating with a plurality of senders 
and a plurality of requesting receivers. It is deternwied, 
using information from the reservation, if the requesting 
receiver is authorized to receive the secure multicast 
transmission. If so, multicast transrrvssion security infor- 
mation, such as IPSEC SA information needed to 
receive the secure multicast transmission, is sent to the 
requesting receiver. 
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Description 

Held of the Invention 

[0001] The present invention relates to multicast 
transmissions. More particularly, the present invention 
relates to a method and apparatus that may be used to 
provide a secure multicast transmission. 

Background of the Invention 

[0002] Many different types of information can be 
sent through a data communication network such as the 
Internet. The types of information include, for example, 
streams of text (including software), images (including 
still and moving images) and audio information. 
Streams that combine different types of information, 
such as multimedia content, can be transmitted as well. 
[0003] A communication network user can request 
an information stream directly from an information 
source, or "sender,' which responds to the request by 
sending the stream to the user. This method of sending 
an information stream from a single point, such as the 
sender, to a single point such as the user, is called a 
'unicast' transmission. The serxier may also "broad- 
cast' the information stream through the communication 
network by sending the informatkin to routers in the 
communication network even if no user downstream 
from a particular router is going to receive the stream. 
[0004] Both unicast and bri3adcast transmissions, 
however, can be very inefficient With a unicast trans- 
mission scheme if the sender wishes to send informa- 
tion to a number of receivers, the sender must transmit 
a number of separate streams of information into the 
network, even though each stream contains exactly the 
same information. Moreover, each stream must be 'mdi- 
vidually handled by communication nodes, or routers, in 
the network. Such an approach can result in an unac- 
ceptat}le amount of traffic in the network. A broadcast 
transmission can be inefficient because some routers 
may be tied up handling information streams even if no 
user downsta^eam from a particular router receives the 
information, which is also ineffident. 
[0005] As an alternative to a unicast or broadcast 
transmission, ttie information sto^eam can be sent from a 
single point to multiple points. This method of serxling 
infomiation, called a "multicast' transmission, is illus- 
trated in FIQ. 1, which shows a block diagram of a 
known system for transmitting a multicast information 
stream ttirough a communication network 200. The 
communication network 200 has a number of multicast- 
capable routers 202, and information enters the network 
as a single stream from a multicast device 210, or 
sender, to a one of those routers 202. As the stream 
travels trough the network 200, the routers 202 divide 
the stream into multiple streams as required to send the 
information downsti'eam to other routers 202 and/or to 
locally attached interested devices 110, or 'receivers.' 



A user who wants to receive a particular multicast trans- 
mission can, for example, use Internet Group Manage- 
ment Protocol (IQMP) to send a 'join' message to a 
local multicast-capable router 202. 
5 [0006] Note that with a multicast transmission, the 
link between the sender 210 and ttie communication 
network 200 only needs to carry a single stream of mul- 
ticast information. 

[0007] Depending on the nature of ttie multicast 

10 transmission, the sender 210 and/or receiver 1 10 of a 
multicast stream may desire to make the transmission 
'secure.' For example, ttie parties may want to make 
sure tfiat the transmission is not received by other, 
"unauthorized," receivers. The parti'es may also need to 

IS verily ttiat the transmission actually originates from the 
sender 210 and has not been tampered witti or altered. 
To provide this type of security, multicast transmission 
security information can be used by both the sender 210 
and ttie recdver 110. The Intemet Protocol versbn 6 

20 (IPv6) Internet Protocol Security (IPSEC) standard is 
one example of an architecture that can be used to pro- 
vide a secure multicast transmission, and is described 
in Kent Stephen, "Security Arctntecture for the Internet 
Protocol," Network Wbrking Group (July 1998), the 

25 entire disclosure of which is hereby incorporated by ref- 
erence. The IPSEC protocol defines, for example. 
Authentication Header (AH) and Encapsulating Security 
Payload (ESP) headers, which are generally transpar- 
ent to applications and routers, that can be used to pro- 

30 vide a secure transmission. Both ttie AH and ESP 
headers contain a Security Parameter Index (SPI) 
which, along with an IP destination address, identifies a 
Security Association (SA) needed to receive ttie multi- 
cast transmission. In general, for example, IPSEC AH 

35 information provides integrity checking information that 
lets a receiver detect if a packet was forged or modified 
while taBveling across a data network. 
[0008] Typically, each receiver 110 needs to individ- 
ually request the multicast tiBnsmission security infbr- 

40 mation from the sender 210. The sender 210 then 
determines if a requesting receiver 1 10 is auttiorized to 
receive the secure multicast transmission, and, if so, 
separately delivers the multicast transmission security 
information to each receiver 1 1 0. The receivers 110 can 

45 ttien use the multicast transmission security information 
to, for example, decode a secure nudticast transmission 
from the sender 210. 

[0009] This approach, however, may not be practi- 
cal if the sender 210 needs to send a secure nulticast 

50 ti'ansmission to a large number of receivers 1 10. In this 
case, the sender 210 must individually communicate, 
for example, wHh tens of thousands requesting receiv- 
ers 110, often simultaneously, and separately process 
each request Moreover, a large number of separate 

55 responses, including the multicast transnission security 
information, must be sent back through the communica- 
tion network 200. This eliminates some of the benefits 
of using multicast technology, such as, for example, let- 
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ting the link between the sender 210 and the communi- 
cation network 200 carry only a small anwunt of 
information. 

[0010] Another problem with known methods of 
providing multk»st transmission security information is s 
that the information each receiver 110 must provide to 
demonstrate that he or she is authorized to receive the 
secure multicast transmission may be sensitive. Such 
information may include, for example, a credit card 
number or home address, and people may hesitate to io 
provide this type of information to an unfamiliar sender 
210. In addition, a sender 210 may need to coordinate 
billing and collection procedures for a large number of 
receivers 110, which can be a difficult task. 
[0011] In view of the foregoing, it can t)e appreci- is 
ated that a sut^stantial need exists for a metfrad and 
apparatus that provides multicast transmission security 
information and solves the problems discussed atxive. 

Summary of The Invention so 

[0012] The disadvantages of the art are alleviated 
to a great extent by a method and apparatus that pro- 
vides multicast transmission security information. A 
secure multicast transmission reservation is received at 2S 
a multicast session security platform. The reservation is 
received from a sender of a secure multicast transmis- 
sion and may include, for example, information at»ut 
the secure multicast transmission arxi information about 
which multicast receivers are auttiorized to receive the 30 
secure multicast transmission. The multicast session 
security platform also receives a request for security 
information from a requesting multicast receiver. The 
multicast session security platform may include, for 
example, a multicast session security server capable of 35 
communicating with a plurality of senders and a plurality 
of requesting receivers. It is determined, using informa- 
tion from the reservation, if the requesting receiver is 
authorized to receive the secure multicast transmission. 
If so, the multicast transrnission security information, 40 
such as the SA information needed to receive the 
secure multicast transmission, is sent to the requesting 
receiver. The SA information may comprise, for exam- 
ple, an authentication key, and authentication key and a 
key life-time, along with other information. 4S 
[0013] With these and other advantages and fea- 
tures of the inverrtion that will become hereinafter 
apparent, the nature of the invention may be more 
clearly understood by reference to the fbllcwing detailed 
description of the invention, the appended claims and to so 
the several drawings attached herein. 

Brief Description of The Drawings 

[0014] 55 

FIG. 1 is a block diagram of a known system that 
transmits a multicast information stream through a 



communication network. 

FIQ. 2 is a bfock diagram including a system that 
provides multicast transmission security informa- 
tion according to an embodiment of the present 
invention. 

FIG. 3 is a more detailed block diagram of a system 
tfiat provides multicast transmission security infor- 
mation according to an embodiment of the present 
invention. 

FIG. 4 is a flow diagram of a method for providing 
multicast transmission security information accord- 
ing to an embodiment of the present invention. 

Detailed Description 

[0015] The present invention is directed to a 
method and apparatus that provides multicast transmis- 
sion security information. Referring now in detail to the 
drawings wherein like parts are designated by like refer- 
ence numerals throughout, there is illustrated in FIG. 2 
a block diagram including a multicast session seoffity 
platform 300 that provides multicast transmission secu- 
rity information for a communication network 200 
according to an etrtxxJiment of the present invention. 
The communication network 200 comprises a number 
of multicast-capable routers 202 that let a sender 220 
ti^nsmit a multicast information stream to a number of 
receivers 120. 

[001 6] According to an emtxxliment of the present 
invention, the multicast session security platform 300 
receives a secure multicast transmission reservation 
from the sender 220 of a secure multicast transmission. 
The reservation may include, for example, information 
about the secure multicast transnvssion such as the 
title, date, time of day and duration of the transmission. 
[001 7] The reservation may also include the partic- 
ular security information, such as a group key or a 
IPSEC SA, needed to receive the secure multicast 
transmission, and information atx>ut which multicast 
receivers 120 are authorized to receive the secure mul- 
ticast ti^nsmission. For example, a franchisor corpora- 
tion may want to send a multicast transmission 
containing sensitive financial information to a number of 
franchisee corfxxations. In this case, the reservation 
may include a list of authorized names arxl passwords 
associated witti each f rarKhisee corporation. 
[0018] Instead of a list of authorized receivers, the 
reservation may include tnlling information, such as a 
price fliat must be paid by a requesting receiver 120 
before he or she will be authorized to receive the multi- 
cast transmission. For example, the reservation may 
indicate ttiat anyone who pays five dollars is auttiorized 
to receive a particular multicast transmission of movie. 
[0019] The multicast session security platform 300 
also receives a request for multicast transmission secu- 
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rity information from a requesting multicast receiver 
1 20. Ttie request may be received using a secure trans- 
mission, such as a secure unicast IPSEC transmission. 
The seccure unicast transmission may be estatilished 
using known public key techniques. As part of the initial 
request, or through some further interaction after the ini- 
tial request, the receiver 120 will provide information to 
the multicast session security platform 300, such as, for 
example, (a) the name or nature of the multicast trans- 
mission the receiver 120 wants to receive, (b) an identi- 
fier, such as a name and password, associated with the 
receiver 120 and/or (c) a aedit card number or other 
tilling information. 

[0020] The multicast session security platform 300 
then determines if the requesting multicast receiver 120 
is authorized to receive the secire miltacast transmis- 
sion. This may t>e done, for exannple, t>y comparing the 
name and password of the receiver 120 with a list of 
authorized names and passwords contained in the res- 
ervation. If the requesting multk:ast receiver 120 is 
authorized, the multicast session security platform 300 
responds with the multicast transmission security infor- 
mation, such as the IPSEC SA information. The 
approved receiver 120 can then use this information to 
receive the secure multicast transmission from the 
sender 220. 

[0021] According to an embodiment of the present 
invention, the multicast session security platform 300 
may be configured to handle reservations and requests 
from a large number of senders 220 arxf receivers 120. 
For example, the multicast session security platform 
300 may have a number of pre-approved sutisaitiers 
who are authorized to receive certain types of multicast 
transmissions or transmissions from certain serxJers 
220. As shewn in FIG. 2, the multicast sesston security 
platform 300 may send the security informatfon to a 
number of personal computers. If desired, however, the 
platform could send the information to, for exanple, a 
secure telephone or fax machine, a wireless Personal 
Digital Assistant (PDA) or any other type of communica- 
tion device. In addition, the security information may be 
sent through the same communication network 200 that 
will be used to transmit the secure multicast session, or 
through some other communication network. 
[0022] Moreover, the multicast session security 
platform 300 may transmit statistics to the sender 220, 
such as the total number of currently approved receiv- 
ers 120 or a total amount of money that has been col- 
lected from those receivers 120. 
[0023] FIG. 3 is a more detailed block diagram of a 
system that provides multicast transmission security 
information for an IP multicast network 205 according to 
an embodiment of the present invention. A multicast 
session security platform 300 includes a multicast ses- 
sion security server 350 connected to IP multicast net- 
work 205 ttirough a communication port 352 (e.g., an 
Ethernet port). The IP multicast network 205 is com- 
prised of a number of IP multicast-capaljle routers 207, 



and the Multicast Backbone (MBone) is one example of 
such a communication network. 
[0024] According to an embodiment of the present 
invention, the multicast session security server 350 

5 receives a secure multicast transmission reservation 
from a sender 230 of a secure multicast transmission. 
This may be done, for example, using a Multicast Secu- 
rity Client (MSC) application 235 installed on the sender 
230 and configured with the IP address of one or more 

10 multicast session security servers 350. The multicast 
session security server 350 and the MSC application 
135 may be configured to let the sender 230 submit the 
reservation using a communication network information 
page, such as a World Wtde Web CWeb") page trans- 

16 mitted through the Internet. 

[0025] As described above with respect to FIG. 2, 
the resenration may include, for example, (a) the title, 
date, time of day and duration of the transmissnn, (b) 
an IPSEC SA - such as one using the Internet Security 

20 Association and Key Management Protocol (ISAKMP) 
framework - needed to receive the transmission, (c) a 
list of names avd passwords associated with authorized 
receivers 130 arvl/or (d) an admission policy, such as a 
price that must be paid by each requesting receiver 130 

25 before he or she will be authorized to receive the trans- 
mission. The reservation information may be stored in a 
reservation datat>ase 310 atong with reservations for 
other multicast transmissions and/or other multicast 
serxlers 230. 

30 [0026] The muWcast sessnn security server 350 
also receives a request for multicast transmission secu- 
rity information from a number of requesting multicast 
receivers 130. This may be done using, for example, a 
MSC application 135 running on the receiver 130, which 

35 may be configured to let a receiver request the security 
information through a Web page. This request may be 
generated by the MSC application 135 without any 
explicit action by a user. Note tfiat, if required, a multi- 
cast-unicast gateway may be installed between the IP 

40 multicast network 205 and either the sender computer 
230 or the receiver computer 130. The request may be 
received using a secure transmisston, such as a secure 
unicast IPSEC transmission, and may include, for 
example, the name of a multicast transmission, a 

45 requesting name and password, and a aedit card 
number. User information, such as information associ- 
ated with a sut}scrit)er of the multicast session security 
platform 300, may also be stored in a user database 
320. Such information may include the type of multicast 

50 transmissions a sut>scril}er is authorized to receive, or 
other infbrmation based on, for example, a form filled 
out by the user when he or she subscrbes to the serv- 
ice. 

[0027] The multicast session security server 350 
55 then determines if a requesting multicast receiver 130 is 
authorized to receive the secure multicast transmission. 
If the requesting multicast receiver 130 is authorized, 
ttie multicast session security server 350 responcte witti 
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the multicast transmission security information, such as 
the IPSEC SA information. The SA information is used 
to estatilish the specific implementation of IPSEC pro- 
tection that will be used during the secure multicast 
transmission. The SA information may indicate, for 
exarrple, what types of keys are required and how the 
transmission will be enaypted or authenticated. The SA 
information may also include a specific destination IP 
address, authentication key, session key and SPI that 
are needed to receive the multicast transmission. The 
approved receiver 130 may then use this information to 
receive the secure multicast ti^nsmission from the 
sender 230. Note that the information may requested, 
received and used by an approved receiver 130 - all 
without the user t>eing aware of the operation, if desired. 
[0028] FIG. 4 is a flow diagram of a method ttiat 
provides multicast transmission security information for 
a communication networK such as the Internet, accord- 
ing to an ennbodimerTt of the present invention. At step 
410, a secure multicast transmission reservation is 
received at a Multicast Session Security Platform 
(MSSP). The reservation is received from a sender of a 
secure multicast transmission and may include, for 
example, information atx)ut the secure multicast trans- 
mission and infonration about which multicast receivers 
are authorized to receive the secure multicast transmis- 
sion. 

[0029] The multicast session security platform also 
receives a request for security information from a 
requesting multicast receiver as indicated at step 420. 
The multicast session security platform may include, for 
example, a multicast session security server capatile of 
communicating with a plurality of senders and a plurality 
of requesting receivers. It is deternvned, using informa- 
tion from the reservation, if a requesting receiver is 
authorized to receive the secure multicast transmission 
at step 430. If so, the multicast transmission security 
information, such as IPSEC SA information needed to 
receive the secure multicast transmission, is sent to the 
requesting receiver at step 440. 
[0t)30] Although various embodiments are specifi- 
cally illushated and described herein, it will be appreci- 
ated that modifications and variations of the present 
invention are covered by the atx>ve teachings and within 
the purview of the appended claims without departing 
from the spirit and Intended scope of the invention. For 
example, although particular system architectures were 
used to illusbBte the present invention, it can be appre- 
ciated that other architectures may be used instead. 
Similarly, although particular types of security protocols 
fiave been illustrated, ottier security protocols will also 
fall wittiin the scope of the invention. Rnally, aHhough 
software or hardware are described to conti'ol certain 
functions, such functions can be performed using either 
software, hardware or a combination of software and 
hardware, as is well known in the art As is also known, 
software may be stored on a medium, such as, for 
example, a hard or floppy disk or a Compact Disk Read 



Only Memory (CD-ROM), in the form of instructions 
adapted to be executed by a processor. The instructions 
may be stored on the medium in a compressed and/or 
encrypted format. As used herein, the phrase 'adapted 
5 to be executed by a processor' is meant to enconpass 
instructions stored in a compressed and/or encrypted 
format, as well as instructions that have to be compiled 
or installed t>y an installer before being executed by the 
processor. 

10 

Claims 

1 . A method of supplying multicast transmission secu- 
rity information to a plurality of requesting multicast 
T5 receivers, the nulticast transmission security infor- 
mation being configured to enable receipt of a 
secure multicast transmission, comprising ttie 
steps of: 

so establishing an irxfividual secure unicast chan- 

nel for each of the plurality of requesting multi- 
cast receivers, the secure unicast channels 
being established using security information 
different from the multicast transmission secu- 

25 rity information; 

receiving, through the secure unicast channel, 
autfwrization information from each of the plu- 
ralfty of requesting mutticast receivers; 

30 

determining if isach of plurality of requesting 
muHicast receivers is authorized to receive the 
secure multicast transmission; arxJ 

35 sending, through tfie secure unicast channel, 

the muHicast transmission security information 
to each of the authorized requesting multicast 
receivers. 

40 2. The method of claim 1, wherein the multicast trans- 
mission securrty information comprises Internet 
Protocol Security (IPSEC) information needed to 
receive the secure multicast transmission. 

45 3. A metlKxf tor providing mutticast bwismission secu- 
rity information, comprising ttie steps of: 

receiving, at a mutticast session securtty plat- 
form, a secure mutticast transmission reserva- 
50 tion from a serxler of a secure multicast 

transmission, the secure mutticast transmis- 
sion reservation conprising intormati'on about 
the secure mutticast ti'ansmission; 

55 receiving, at the multicast session security plat- 

form, a request for the mutticast transmission 
securtty intormation from a requesting mutti- 
cast receiver; and 
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determining tf the requesting multicast receiver 
is authorized to receive the secure multicast 
transmission. 

4. TTie method of claim 3, further conprising: s 

sending the multicast transmission security 
information to the requesting multicast receiver 
if the requesting multicast receiver is author- 
ized to receive the secure nulticast transmis- io 
sion. 

5. The method of claim 3, wherein the secure multi- 
cast transmission reservation further comprises 
information about which multicast receivers are rs 
authorized to receive the secure nrulticast transmis- 
sion, and wherein said step of determining is per- 
formed using information from the secure multicast 
transmission resenmtion. 

so 

6. The method of claim 3, wherein the secure multi- 
cast transmission reservation further comprises the 
multicast transmission security information. 

7. The method of claim 4, wherein said step of receiv- ss 
Ing comprises receiving a plurality of requests for 
the multicast transmission security informatbn from 

a plurality of requesting multicast receivers, arxJ 
wherein said steps of determining arxJ sending are 
performed for each of the plurality of requesting 30 
multicast receivers. 

8. The metfiod of claim 3, wherein the multicast trans- 
mission security information comprises Internet 
Protocol Security (IPSEC) information needed to 35 
receive the secure multicast transmission. 

9. The method of claim 8, wherein the IPSEC informa- 
tion comprises Security Association (SA) informa- 
tion needed to receive the secure multicast 40 
transmission. 

10. The method of claim 3, wherein said step of receiv- 
ing comprises receiving the request fbr multicast 
transmission security information as a unicast Inter- 45 
net Protocol Security (IPSEC) transmission. 

11. The method of daim 3, further comprising the step 
of: 

50 

receiving txlling information from the request- 
ing multicast receiver. 

12. The method of daim 7, wherein said step of deter- 
mining is performed using the txlling information 55 
received from the requesting multicast receiver. 

13. The method of daim 3, further comprising the step 



of: 

serxJing billing information to the sender of the 
secure multicast transmission. 

14. The method of daim 3, wherein the secure multi- 
cast transmission reservation is received using a 
communication netwak information page: 

1 5. The method of daim 3, wherein the request fbr wu\- 
ticast transnii^ion security information is received 
using a communication network information page. 

16. A method for providing Intemet Protocol Security 
(IPSEC) Security Association (SA) information 
related to a secure multicast transmission, compris- 
ing the steps of: 

receiving, at a multicast session security plat- 
form, a secure multicast transmission reserva- 
tion from a servler of the secure multicast 
transmission, wherein the secure multicast 
transmission reservation indudes the IPSEC 
SA information and information about author- 
ized multicast receivers; 

receiving, at the multicast session security plat- 
form, a plurality of requests fbr the IPSEC SA 
information from a pluranty of requesting multi- 
cast receivers; 

determining if each of the plurality of request- 
ing multicast receivers is authorized to receive 
the IPSEC SA inlbrmation based on infbrma- 
tion aboxA authorized multicast receivers con- 
tained m ttie secure multicast transnrtission 
reservation; arxl 

sending the IPSEC SA information to author- 
ized requesting multicast receivers. 

17. A multicast session security platfbrm, comprising: 

a first communication port configured to 
receive a secure multicast transmission reser- 
vation, induding multa'cast transmission secu- 
rity information and infbrmation atx>ut 
authorized multicast receivers, from a sender 
of a secure multicast transmission; 
a second communication port configured to 
receive a plurality of requests fbr ttie multicast 
transmission security infbrmation from a plural- 
ity of requesting multicast receivers; and 
a server system coupled to said first and sec- 
ond communication ports, said server system 
being configured to determine if each of the 
plurality of requesting multicast receivers is 
authorized to receive the multicast transmis- 
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sion security information based on the informa- 
tion about authorized multicast receivers 
contained in tfie secure multicast transmission 
reservation. 

5 

18. An article of manufacture comprising a computer- 
readat)le medium having ^red therein instructions 
adapted to be executed by a processor, the instruc- 
tions which, when executed, deline a series of 
steps for providing multicast transmission security w 
information, said steps comprising: 

receiving, at a multicast session security plat- 
form, a secure multicast transmission reserva- 
tion from a sender of a secure multicast is 
transmission, the secure multicast transmis- 
sion reservation comprising information atx>ut 
the secure multicast transmission; 

receiving, at the multicast session security plat- 20 
form, a request for the multicast transmission 
security information from a requesting multi- 
cast receiver: and 

detemiining if the requesting multicast receiver 25 
is authorized to receive the secure multicast 
transnussion. 

19. The medium of claim 18, wherein the steps further 
comprise: so 

sending the multicast transmission security 
information to the requesting multicast receiver 
if the requesting multicast receiver is author- 
ized to receive the secure multicast transmis- as 
sion. 

20. The medium of daim 18, wherein the secure multi- 
cast transmission reservation further comprises 
information about which multicast receivers are 40 
authorized to receive the secure mulb'cast transmis- 
sion, and wherein the step of determining s per- 
formed using information from the secure multicast 
transmission resewab'on. 

45 

21. An article of manufacture comprising a computer- 
readable medium having stored therein instructions 
adapted to be executed by a processor, the instruc- 
tions which, when executed, define a series of 
steps for receiving multicast transmission security so 
information, said steps comprising: 

sending a request for the multicast transmis- 
sion security information to a multicast session 
security platform, the request including at least ss 
one of (a) user identification information, (b) 
billing information and (c) multicast tiBnsmis- 
sion identification information; 



receiving the multicast transnnssion security 
information from the multicast sesston security 
platform; and - 

receiving, using the multicast transmission 
security information, a secure multicast trans- 
mission from a sender other tfian the multicast 
session security platform. 
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FIG. 4 
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MSSP RECEIVES RESERVAnON 
FROM SENDER 
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MSSP RECEIVES REQUEST 
FOR SECURITY INFORMAHON k-420 
FROM REQUESHNG RECEIVER 



IS REQUESnNG RECEIVER 
NO/ AUTHORIZED TO RECEIVE 
SECURE MUmCAST 
TRANSMISSION ? 



Ies 




SEND SECURITY INFORMATION 
TO REQUESTING RECEIVER 
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